netsupport | 011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba

Analysis

max time kernel
118s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba.exe
Size

99KB
MD5

94c0ceb9bf2ba3ea4b60d67db728132c
SHA1

1fa5ca6058e19602675076907748b08948495897
SHA256

011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba
SHA512

2d5e24f01237875317272afec8c0fcfbbee5bf56532332f129345931f0c1444f84a0f0415cf72ce4872e90157c5229338b8fc7cff4404d60e68a1ff80a5aeb88
SSDEEP

1536:TaRU9m4HYvSIX0u+7+j71+s5g2YEcIQ7/AzWOWuEdeHZMcziqU1ZyiL:BOhX0N7+f135dcIxWazScuqCMY

Score

10^/10

netsupport zgrat persistence rat

Malware Config

Signatures

Detect ZGRat V1 34 IoCs

resource	yara_rule
behavioral1/memory/2152-10-0x0000000004C90000-0x0000000004D3A000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-11-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-12-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-16-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-14-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-18-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-20-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-22-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-24-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-28-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-26-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-30-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-32-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-34-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-40-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-38-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-36-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-42-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-48-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-46-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-50-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-52-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-44-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-56-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-62-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-64-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-66-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-60-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-68-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-58-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-54-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-70-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-74-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1
behavioral1/memory/2152-72-0x0000000004C90000-0x0000000004D33000-memory.dmp	family_zgrat_v1

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Executes dropped EXE 3 IoCs

pid	Process
2152	mouthcoordinate.exe
1276	mouthcoordinate.exe
2196	client32.exe

Loads dropped DLL 8 IoCs

pid	Process
2092	011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba.exe
2152	mouthcoordinate.exe
1276	mouthcoordinate.exe
2196	client32.exe
2196	client32.exe
2196	client32.exe
2196	client32.exe
2196	client32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2152 set thread context of 1276	2152	mouthcoordinate.exe	31

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
1772	schtasks.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2152	mouthcoordinate.exe
Token: SeSecurityPrivilege	2196	client32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	client32.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2152	2092	011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba.exe	28
PID 2092 wrote to memory of 2152	2092	011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba.exe	28
PID 2092 wrote to memory of 2152	2092	011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba.exe	28
PID 2092 wrote to memory of 2152	2092	011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba.exe	28
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 2152 wrote to memory of 1276	2152	mouthcoordinate.exe	31
PID 1276 wrote to memory of 1772	1276	mouthcoordinate.exe	34
PID 1276 wrote to memory of 1772	1276	mouthcoordinate.exe	34
PID 1276 wrote to memory of 1772	1276	mouthcoordinate.exe	34
PID 1276 wrote to memory of 1772	1276	mouthcoordinate.exe	34
PID 1276 wrote to memory of 2196	1276	mouthcoordinate.exe	35
PID 1276 wrote to memory of 2196	1276	mouthcoordinate.exe	35
PID 1276 wrote to memory of 2196	1276	mouthcoordinate.exe	35
PID 1276 wrote to memory of 2196	1276	mouthcoordinate.exe	35

C:\Users\Admin\AppData\Local\Temp\011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba.exe
"C:\Users\Admin\AppData\Local\Temp\011c45deea7f50338e56529fb8705caa6e86b3920e7f4f79926bcb7933ffa0ba.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mouthcoordinate.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mouthcoordinate.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mouthcoordinate.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mouthcoordinate.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1276
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\system32\schtasks.exe" /create /sc ONLOGON /tn "temo_clean" /tr "C:\Users\Admin\AppData\Local\temo_clean\client32.exe" /RL HIGHEST
      4⤵
      Creates scheduled task(s)
      PID:1772
  - - C:\Users\Admin\AppData\Local\temo_clean\client32.exe
      C:\Users\Admin\AppData\Local\temo_clean\client32.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\temo_clean\HTCTL32.DLL

Filesize
113KB

MD5
43121c56aff0d4b173be0cfb874189bf

SHA1
2da8da3cbb2c632bef1b663a4528ec7c04ef3f1e

SHA256
9814e8c3c1f13c84e0a49824f3681b35fbf63f6b79bbbd512104b386a4fa18c2

SHA512
8e6a7f0125497026094cbca83f69a8e6dde35f8d94bb70621d64f29959c18c3a3fc7c511128b2eac41a995a4b7525dcf65c545e519dc5cf5342bd614385f770a

Download Submit
C:\Users\Admin\AppData\Local\temo_clean\MSVCR100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Users\Admin\AppData\Local\temo_clean\NSM.LIC

Filesize
259B

MD5
3a88847f4bbf7199a2161ed963fe88ef

SHA1
8629803adb6af84691dc5431b6590df14bad4a61

SHA256
a680947aba5cf3316be50f1ec6a0d8bf72f7d7ca79d91430c26e24680eddd35e

SHA512
2b6408e7334946655045914b2cfa14dcfb39502f64ffafad784717a8ca036b73928bd7a5b02d650d8698357c54c31cac11a705baed0e1e7a3a07d659a2104e02

Download Submit
C:\Users\Admin\AppData\Local\temo_clean\PCICL32.dll

Filesize
1.6MB

MD5
86608c4e915c721abb4fb07bb1281543

SHA1
d0652de5e0274996314b6a1094c5a5d2f1e320c3

SHA256
b560862d9ed54eaebbd87ee65c81e610a9e32bc0bf6003211b26308323b2a58b

SHA512
651220512001de5387134197ef155383ac6cca5b3f233f9cc31f252df6a1063c1c167800b90871cd35f96bbd9ba5ce4ff913bf2261970359aebbf924850ffa02

Download Submit
C:\Users\Admin\AppData\Local\temo_clean\client32.exe

Filesize
117KB

MD5
a2b46c59f6e7e395d479b09464ecdba0

SHA1
92c132307dd21189b6d7912ddd934b50e50d1ec1

SHA256
89f0c8f170fe9ea28b1056517160e92e2d7d4e8aa81f4ed696932230413a6ce1

SHA512
4f4479ddcd9d0986aec3d789f9e14f9285e8d9d63a5b8f73c9e3203d3a53cd575b1e15edf0d5f640816bb7f25bd3501244e0f7c181a716a6804742ed2f1cf916

Download Submit
C:\Users\Admin\AppData\Local\temo_clean\client32.ini

Filesize
731B

MD5
5dd29bf537f942e8f740eef7115597b9

SHA1
f46c544c5ee2cfdd310ad2573637dfea270e6d48

SHA256
1817536fd60e66f91b2271bf67eb6b9257a1e88be1627de968ac5aa6b4fe6443

SHA512
fe1f8bfb7211b4cb29442f8e22b0a892006a06bb20e5174ae2205775554737ef1a4c79778d2fbf1a9934a0691f0cfc9177dfbef1c212a831c665ed246775aadb

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\mouthcoordinate.exe

Filesize
18KB

MD5
57e3a39940a2e1c44beb4f9db2bff62a

SHA1
385322bc1caab1a92ee1309b3d1f8ed49fecce6b

SHA256
198487618c0a63e523213a3971209a22489c927e768cc6d7b9203ab89edde96d

SHA512
0c779f67baffe73a4505705abb90439667840a85b2af9a0008134cce58d9c0d1d635e4021e30fb188d2c442cb29f1ed52afc96aa0e4a912394c73c8f90e6ffe4

Download Submit
\Users\Admin\AppData\Local\temo_clean\HTCTL32.DLL

Filesize
18KB

MD5
96ab562918aa6216412e1e85616780bd

SHA1
72ebe070774417341a76c125da01f6518f46288e

SHA256
7e05c955c6644635b284bde6ea6aaf0910fe5b78ebcae8e400a1b3d2d0b1ec61

SHA512
fa12d454d1eda664900daf1ceb4fd8fbe210bf9c9ba84dc1ea0fc2df72a2ce8d2b65854aeaf31cbc351ef3f684ce85bacb95d5a9a96b8ac5430c506a30fe9efe

Download Submit
\Users\Admin\AppData\Local\temo_clean\PCICHEK.DLL

Filesize
18KB

MD5
a0b9388c5f18e27266a31f8c5765b263

SHA1
906f7e94f841d464d4da144f7c858fa2160e36db

SHA256
313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a

SHA512
6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd

Download Submit
\Users\Admin\AppData\Local\temo_clean\PCICL32.DLL

Filesize
842KB

MD5
4c3e32354b4c8ad102006e29e1667fcd

SHA1
ad2adcd99089fc1d4aff4918555cae093beac4c1

SHA256
15644c41b19657f8219971dc838a780870d3c90921fddec059aaa6126ecc05a0

SHA512
ce9c850cf039be5e1cd06708d8763bf91b527a03a2bd14ce8a5522a9d86d445debf9532520245b5060c9c4f2b5655d0aa52fe26533cd5db401f4612bf3489cf4

Download Submit
\Users\Admin\AppData\Local\temo_clean\msvcr100.dll

Filesize
603KB

MD5
65d7541bc8a7db4d397970de566628af

SHA1
9e6db1acc93fcea132341d2fef1bc8aa330ca7ce

SHA256
8799de821a4bd40f2df2fdc5c79911ce48eda7e8e5f1219044d180824e39d1aa

SHA512
368f81ae33c8e73b722e7d36c8bb237e397f7389476b161307fbd00cdfdd8f728b2a22393dd084ed4381c70d78d876ded0836c9d39b5711f452d9535be78e2d8

Download Submit
\Users\Admin\AppData\Local\temo_clean\pcicapi.dll

Filesize
32KB

MD5
dcde2248d19c778a41aa165866dd52d0

SHA1
7ec84be84fe23f0b0093b647538737e1f19ebb03

SHA256
9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917

SHA512
c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166

Download Submit
memory/1276-963-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1276-991-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2152-46-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-66-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-22-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-24-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-28-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-26-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-30-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-32-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-34-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-40-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-38-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-36-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-42-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-48-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-18-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-50-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-52-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-44-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-56-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-62-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-64-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-20-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-60-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-68-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-58-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-54-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-70-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-74-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-72-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-943-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/2152-14-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-16-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-12-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-11-0x0000000004C90000-0x0000000004D33000-memory.dmp

Filesize
652KB

Download
memory/2152-10-0x0000000004C90000-0x0000000004D3A000-memory.dmp

Filesize
680KB

Download
memory/2152-9-0x0000000000710000-0x0000000000750000-memory.dmp

Filesize
256KB

Download
memory/2152-8-0x0000000074540000-0x0000000074C2E000-memory.dmp

Filesize
6.9MB

Download
memory/2152-7-0x0000000000DA0000-0x0000000000DAA000-memory.dmp

Filesize
40KB

Download
memory/2152-944-0x0000000004200000-0x0000000004240000-memory.dmp

Filesize
256KB

Download
memory/2152-945-0x0000000004AE0000-0x0000000004B2C000-memory.dmp

Filesize
304KB

Download
memory/2152-946-0x0000000074540000-0x0000000074C2E000-memory.dmp

Filesize
6.9MB

Download
memory/2152-947-0x0000000000710000-0x0000000000750000-memory.dmp

Filesize
256KB

Download
memory/2152-961-0x0000000074540000-0x0000000074C2E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads